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(57)Abstract 

PROBLEM TO BE SOLVED: To protect the attack for 
estimating inside secret, information by conducting a 
regulation to processing outputs when malfunction is 
detested in the prescribed data converting processing of 
outside input data, and applying a physical shock to an 
internal circuit from the outside to cause the 
malfunction, then observing the output thereof. 
SOLUTION: A malfunction detecting part 3 detects 
whether or not a malfunction occurs in the ciphering 
processing of a data processing part 2 based on a 
plaintext and cipher data. When there is no malfunction, 
the cipher data is supplied from a control part. 4, While if 
there is a malfunction, the output of cipher data is shut 
out by the control part 4. A person who tries to obtain 
secret information in a tamper-free apparatus enters 
processing target data and giving a physical shock such 
as heat and light or the like to the processing part 2, and 
tries to observe output data which reflects the effects 
of the malfunction depended on inside information. When 

the malfunction is caused by this shock in the processing part. 2, since the detecting part 3 
forbids output to the outside of the processed result which is reflected by the effect of the 
malfunction, the attacker is impossible to procure data, and impossible to obtain secret 
information in the apparatus 1. 
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[0004 j Branson and Liricistrora suggested a new cryptoanalysis 
technology which exposes internal secret information 
without decomposing and operating a tamper-free device (for 
examp I e , htt p : //wwvj . bell core .corn/ PRKSfi / AD V S R Y 9 6 / f ac I s . h t j 
on the Internet) . The technology causes an internal device 
to malfunction (internal register is reversed 1 bit) by 
applying physical attacks from the outside such as 
radiation, electronic, heat, or vibration in a tamper-free 
device, accumulates some output data obtained as a result 
of the malfunction, and observes the influence of the 
malfunction to these output data to thereby presume the 
internal information. Such technology had not been 
conceived of until then. Considering the social background 
in which a user can easily use a tamper- free cryptographic 
device such as an IC card and the guidelines of 
conventional research and development in which the 
cryptographic device itself cannot be attacked, it is 
deemed that the technology uses a paradigm shift to some 
extent. 

[0005] Bib am and Shamir also suggested a method for 
deciphering a block cipher such as DBS based on the same 
principles (for example, 

http ://www . CS . tecnion . ac . il/~biham/df a . html on the 
Internet) . As a result of computer simulation, according to 
this method, for example, it is possible to obtain 56-bit 
DBS key by the observation of approximately 200 output 
data. 
[0006] 
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[Problems to be Solved, by the Invention] There are the 
problems that, conventional tamper-free devices have not 
provided any countermeasures against new cryptoanalysis 
methods which cause an internal device to malfunction 
(internal register is reversed 1 bit) by applying physical 
attacks from the outside such as radiation., electronic,; 
heat, or vibration in a tamper-free device, accumulates 
some output data obtained as a result of the malfunction, 
and observes the influence of the malfunction to these 
output data to thereby presume the internal information. 
[0007 J The object of the present invention, in 
consideration of the aforementioned circumstances, is 
directed to providing a tamper-free device which can 
prevent an attack method for causing the internal circuits 
to malfunction by applying physical attack from the 
outside, observing the output and presuming the secret 
information inside a device. 

[0070J Below, the processing of the data processing part 2 
of a tamper resistant device explained using FIGS . 1 to 6 
is explained for a configuration example when using a round 
function. In a cryptographic algorithm using a round 
function such as DES or E'EAL, the round function using a 
key as the parameter is repeatedly used for the plain text 
to be encrypted. For example, when using a 4 step 
transformation, first, the plain text is transformed by the 
first round function, the conversion result is converted by 
the second round function, and this conversion result is 
further sequentially converted by the third round function 
and the fourth round function. The number of steps of the 
round function is determined by the cryptographic 



algorithm. The same is true for decoding. 

[0071] Detecting malfunctions in each round is possible by 
a product cipher system in which round function are 
repeated like this. Consequently, for example, in the case, 
of encryption, the encryption circuits (in the case of two 
multiplex methods) or decryption circuits (in the case of 
recalculation) for the detection of a malfunction are 
independent in addition to the original encryption 
circuits, so that it becomes possible to prevent, an. 
increase of the entire processing rate depending on the 
detection processing of malfunctions by performing parallel 
operations. In short, the malfunction detection processing 
on the basis of the processing results of a round function 
and the encryption processing (or decryption processing) of 
the subsequent round function can be simultaneously 
performed. When it is determined that malfunctions were 
generated in the processing of the round function, the 
processing can be suspended, or the final processing result 
can be prevented from being outputted to the outside. 
[0072] FIG. 10 shows the example when there are four steps 
of the rounds and the duplex method is used in the 
composition of the malfunction detection part 3, Encryption 
circuits 201 to 204, 301 to 304 correspond to the 
respective round functions. 

[0073] The two encrypted data are compared by the 
comparison parts 311 to 314, and the result is notified to 
the operation control part 321. When the operation control 
part 321 receives a notification of a malfunction detection 
from the comparison parts 311 to 313, the processing of the 
subsequent steps is suspended, and when a notification of a 
malfunction detection is received from the final step of 
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the comparison parts 314, the final processing result is 
not output to the outside by controlling the output control 
part 4 , 
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